http://www.w3.org/Bugs/Public/show_bug.cgi?id=4318
Summary: [All docs] Which WS-SecurityPolicy version should be
used as a reference
Product: WS-Policy
Version: LC
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Framework+Attachment+Guidelines
AssignedTo: fsasaki@w3.org
ReportedBy: umit.yalcinalp@sap.com
QAContact: public-ws-policy-qa@w3.org
Title: Which WS-SecurityPolicy version should be used as a reference?
Description: The following WS-Policy documents use references to
WS-SecurityPolicy 1.0. [1].
-- Framework
-- Attachment
-- Primer
-- Guidelines
Note: There was not a component to target all the documents, hence
Framework+Attachment+Guidelines was used to post this bug. Primer is included
in this issue as well.
The posted interop scenerios document to the wg [3] refer to the
WS-SecurityPolicy 1.2 [2]. If the intent of the interop scenerios is to test
the policy framework, the dependency is unfortunately broken.
There are differences between the versions of WS-SecurityPolicy. For example,
sp:HttpsToken is now a nested assertion instead of a parametric assertion using
attributes for requiring client certificate. This difference is used in testing
empty nested assertions in the interop scenerios. Thus affects the way that the
tests are perceived and used without requiring domain specific processing.
Justification: The version of the Security policy used in the interop scenerios
should reflect the version in the document and vice versa. They must match.
Thus, updating the documents with the latest version of the security policy
would eliminate confusion from the readers understanding and the use of the
security policy. Otherwise, what is really tested does not reflect the
documents being reviewed.
Proposal: Update all the versions of the documents to the latest version of
WS-SecurityPolicy to reflect the reality of what is tested.
[1]
http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf
[2]
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws-securitypolicy-1.2-spec-cd-01.pdf
[3] http://lists.w3.org/Archives/Public/public-ws-policy/2007Feb/0008.html